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WHAT IS CLAIMED IS: 



1. A dJjta processing device comprising: 
a memorif interface unit for accessing data storage 
means ; and 

a control- unit for controlling said memory interface 

unit ; 

wherein : 

an access] permission table which is stored in a data 
storage area lln said data storage means is set in said 
memory interface unit; and 



in respond 
storage means , 



;e to an access command to access said data 
which is issued by said control unit, said 
memory interface unit determines, by referring to the access 
permission tabJe, whether or not to execute the access 
command, wherebW^ processing which is set executable by the 
access permission table is only executed. 



2. A data processing device according to Claim 1, 
wherein : 

the data stotage area in said data storage means is a 
flash memory havimg a plurality of blocks, each of which 
consists of a plurality of sectors which each have a 
predetermined data capacity; 

in the access! permission table, permission information 
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on block-unit data processing is set; and 

in accoraance with the set permission information, said 
memory interface unit includes means for determines whether 
or not the blopk-unit data processing can be executed. 



3. A data \ processing device according to Claim 1, 
wherein : 

only when a type of processing corresponding to the 
access command firom said control unit is within a range of 
processing types! which are set executable by the access 
permission table! does said memory interface unit execute the 
type of processing, and sets a process-success flag in 



accordance with e 



interface unit; and 



said control 
condition that th^ 
said memory inter 



when the acce 



address of a data 



success of the processing in said memory 



unit executes processing thereof on 

setting of the process-success flag in 
ace unit is verified. 



4. A data pr9cessing device according to Claim 1, 
wherein : 

iks command designates a data-file reading 



process, said control unit executes a process in which the 



file to be read is selected from a file 



allocation table corresponding to the data storage area in 



said data storage 



means and is transmitted to said memory 



interface unitl; and 

after receiving the address of the data file, said 
memory interface unit determines, by using the received 
address to refer to the access permission table, whether or 
not an address -assigned area having the address is a data- 
readable area, and only when the address -assigned area is a 
data-readable ariea does said memory interface unit execute 
the data-file reading process. 

5. A data p: recessing device according to Claim 1, 
wherein : 

ess command designates a data-file writing 
process, said control unit executes a process in which the 
address of a data! file to be written is selected from the 
data storage area lin said data storage means and is 
transmitted as a wprite address to said memory interface 
unit ; and 

after receiviilg the write address, said memory 

(irmines , by using the received write 
address to refer to the access permission table, whether or 
not an address -ass:. gned area having the write address is 

and only when the address-assigned area 
area does said memory interface unit 



interface unit det 



data- writ able area 
is a data-writable 



execute the data-f:Lle writing process 
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6. A data processing device according to Claim 1, 
wherein : 

in the access permission table, in the form of 
additional data, Ian integrity check value which is generated 
based on data in rthe access permission table is included as 



a check value for 
access permission 



verifying whether or not the data in the 
table is interpolated; 
said memory ikiterface unit includes a cryptosystem unit 
for, based on the lintegrity check value, executing the 
integrity checking! of the access permission table; and 

when said crypltosystem unit determines that the access 
permission table has not been interpolated, the access 
permission table is \ set in said memory interface unit, and 
data processing is executed based on the determination of 
access permission inj accordance with the set access 
permission table . 



7. A data proces^sing device according to Claim 1, 
wherein : 

in the access perihission table, in the form of 
additional data, an integrity check value which is generated 
based on data including data in the access permission table 
and an identifier uniquja to said data storage means is 
included as a check value for verifying whether or not the 
data in the access permLssion table is interpolated; 
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the verificataon based on the integrity check value by 
said memory interface unit is executed as the verification 
of whether or not tuie access permission table is stored in 
valid media, in addition to the verification of whether or 
not the data in the \access permission table is interpolated; 
and 

when verifying llhe validity of storage, the access 
permission table is set in said memory interface unit, and 
data processing is executed based on the determination of 
access permission in ^accordance with the set access 
permission table . 

8- A data procesiing device according to Claim 1, 
wherein, when mutual authentication is established as a 
result of mutual authentication with said data storage means, 
the access permission table, which is stored in the memory 
of said data storage mqans , is set in said memory interface 
unit . 



9. A data processipg device according to Claim 1, 
wherein : 

said data storage mfeans is a flash memory having a data 
storage area which has al plurality of blocks , each of which 



consists of a plurality 



sectors has a predetermi led data capacity; 



f sectors in which each of the 



\ 



in the access permission table, either information on 
whether or not blocK-unit data erasure can be performed or 
information on whether or not block-unit data playback can 
be performed is set; land 

in accordance wiith either information set in the access 
permission table, saip memory interface unit determines 
whether or not block-mnit data processing can be executed. 

10. A data storaae device comprising a data storage 
area consisting of a pilurality of blocks, each of which 
consists of a plurality! of sectors which each have a 
predetermined data capacity, 

wherein, in said data storage area, an access 
permission table in which permission information on block- 
unit data processing in l^he data storage area is set is 
stored. 



11. A data storage device according to Claim 10, 
wherein data-processing-pe|rmission information on blocks of 
the data storage area in which the access permission table 



is stored is set to indicai: 
an erasure-prevented area 



e that the blocks are treated as 



12. A data storage de^^ice according to Claim 10, 
further comprising a cryptosystem unit for executing mutual 



authentication with a\ data processing device which performs 
data transfer to said 1 data storage device, 

wherein, when the! mutual authentication is established, 
a process which transfers the access permission table to 
said data processing device is executed. 

13, A data processing method for a data processing 
device comprising a memory interface unit for accessing data 
storage means and a con1:rol unit for controlling said memory 
interface unit, wherein said memory interface unit performs 
the steps of : 

setting therein an 4ccess permission table which is 

area in said data storage means; 
determining, by referring to the access permission 
table in response to an access command to access said data 
storage means, whether orj not to execute the access command; 
and 

executing only a process which is set executable by the 
access permission table. 

14. A data processiii|g method according to Claim 13, 
wherein : 

the data storage are4 in said data storage means is a 
flash memory having a plurality of blocks, each of which 
consists of a plurality of sectors which each have a 



stored in a data storage 
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predetermined data\ capacity ; 

in the access permission table, permission information 
on block-unit data processing is set; and 

in accordance with the set permission information, said 
memory interface unit includes means for determines whether 
or not the block-unit data processing can be executed. 

15. A data proqessing method according to Claim 13, 
wherein : 

only when a typel of processing corresponding to the 
access command from said control unit is within a range of 
processing types which are set executable by the access 



permission table does 
type of processing, a 



said memory interface unit execute the 
id sets a process-success flag in 
accordance with a sucqess of the processing in said memory 
interface unit ; and 

said control unit lexecutes processing thereof on 
condition that the settling of the process -success flag in 
said memory interface ufiit is verified, 

16. A data processjing method according to Claim 13, 
wherein : 

when the access 
process, said control urlit 
address of a data file 



coir mand 



designates a data-file reading 
executes a process in which the 
o be read is selected from a file 



allocation table corresponding to the data storage area in 
said data storage means\ and is transmitted to said memory 
interface unit; and 

after receiving thd address of the data file, said 
memory interface unit determines, by using the received 
address to refer to the access permission table, whether or 
not an address -assigned area having the address is a data- 
readable area, and only when the address-assigned area is a 
data-readable area does said memory interface unit execute 
the data-file reading piiocess. 



address of a data file to 
data storage area in said 



17. A data processi^ng method according to Claim 13, 
wherein : 

when the access command designates a data-file writing 
process, said control unljt executes a process in which the 

be written is selected from the 
data storage means and is 
transmitted as a write ad|dress to said memory interface 
unit ; and 

after receiving the v^rite address, said memory 

by using the received write 
address to refer to the access permission table, whether or 
not an address -assigned area having the write address is 
data-writable area, and olnly when the address -assigned area 
is a data-writable area does said memory interface unit 



interface unit determines 
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execute the data-fi 



in the access 
additional data, an 
based on data in th 



le writing process 



18. A data processing method according to Claim 13, 
wherein : 

]3ermission table, in the form of 

integrity check value which is generated 
e access peormission table is included as 
a check value for verifying whether or not the data in the 
access permission table is interpolated; and 

said memory interface unit executes the steps of: 

ed on the integrity check value, the 
of the access permission table; 
cess permission table in said memory 
it is determined that the access 



executing, bas 
integrity checking 

setting the ac 
interface unit wher 



executing data 
access permission i 
permission table. 



permission table has not been interpolated; and 



processing based on the determination of 
n accordance with the set access 



19. A data professing method according to Claim 13, 
wherein: 

in the access permission table, in the form of 
additional data, an integrity check value which is generated 
based on data including data in the access permission table 
and an identifier unilque to said data storage means is 



# 
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included as a check \alue for verifying whether or not the 
data in the access permission table is interpolated; and 
said memory interface unit executes the steps of: 
executing the ve;rif ication based on the integrity check 
value as the verification of whether or not the access 
permission table is stored in valid media, in addition to 
the verification of whether or not the data in the access 
permission table is a nterpolated; 

the access permission table when the 
s verified ; and 



setting therein 
validity of storage i 



executing data processing based on the determination of 
access permission in accordance with the set access 
permission table. 



20, A data processing method according to Claim 13, 
wherein, when mutual authentication is established as a 
result of mutual authentication with said data storage means, 

table, which is stored in the memory 
means, is set in said memory interface 



the access permission 
of said data storage 
unit . 



21. A data processing method according to Claim 13, 
wherein : 

said data storade 
storage area which h^s 



means is a flash memory having a data 
a plurality of blocks , each of which 
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consists of a plurality of sectors in which each of the 
sectors has a predetermined data capacity; 

in the access permission table, either information on 



2 



whether or not blocW-unit data erasure can be performed or 



information on whether or not block-unit data playback can 



be performed is set ; 



and 



in accordance with either information set in the access 
permission table, said memory interface unit determines 
whether or not block-unit data processing can be executed. 



22. A program providing medium for providing a computer 
program which controjls a computer system to execute data 
processing by a data processing device comprising a memory 
interface unit for acfcessing data storage means and a 
control unit for contjrolling said memory interface unit, 
wherein the computer program comprises the steps of: 
setting an access permission table which is stored in a 

;aid data storage means; 
determining, by ijef erring to the access permission 
table in response to 4^ access command to access said data 

or not to execute the access command; 



data storage area in s 



storage means, whethei 
and 

executing only a 
access permission tabl 



trocess which is set executable by the 



